What is the suggested version to use for the gotroot rule sets at "https://updates.atomicorp.com/channels/rules/delayed/"? Should we use the "modsec-2.5" or the "modsec-2.7" ruleset? I am not sure which one is more compatible or have been tested with.

mod_security is our upstream and keeps updating frequently. so we're lag with them almost all the time. But 1st, I don't think mod_security is all of security; 2nd, one fact I know of, when I log in our customers' server, I see quite a lot of them installed mod_security and litespeed at the same time as WHM(cPanel) plug-in, they are using latest gotroot rulesets I believe. litespeed improve mod_security compatibility mainly base on customer's feedback. As an example in latest 4.2.2, "Improved mod_security compatibility with gotroot ruleset."

in general, latest ruleset is safe to use. for those mod_security directives which litespeed not support, the rules are just ignored and next rules are picked up to be processed. if it breaks litespeed, please report us and you please fall back to a previous ruleset.

So far, I've not heard of a user case, because of latest mod_security ruleset not support yet, the server has been compromised or hacked or any big loss.